matomo-org / matomo

Empowering People Ethically with the leading open source alternative to Google Analytics that gives you full control over your data. Matomo lets you easily collect data from websites & apps and visualise this data and extract insights. Privacy is built-in. Liberating Web Analytics. Star us on Github? +1. And we love Pull Requests!
https://matomo.org/
GNU General Public License v3.0

Implement a fine-grained permission system #21175

Open sgiehl opened 1 year ago

sgiehl commented 1 year ago

Summary

Matomo currently only serves these types of user access: super user, admin, write, view and anonymous. In addition, there are some capabilities to restrict access to certain tag manager features.

Especially the roles super user and admin are quite broad, and it's not possible to restrict them further.

As we already had a lot of different requests related to this topic, I'll try to summarise those requests here and append the list of related issues, so we don't forget them when implementing a new permission system.

Requirements

Before implementing this, the whole permission system needs to be defined in detail, as it can easily become quite complex when e.g. combining access levels per site with anything else. Someone could e.g. be allowed to view a report on one site, but not on another and stuff like this. To make that configurable easily in the UI, we need to discuss a proper UI/UX approach as well.

Related issues that should be possible to solve with a new permission system

replaces #1568

mikkeschiren commented 11 months ago

The currently limited user permissions could in some cases be a security issue - like when using the API to export data to an endpoint, and if someone just changes the parameters, data that never should be exposed outside of Europe (as an example - like GDPR restrictions), could be exposed. To solve this we have in some cases needed to write our endpoint, to restrict the data transferred.

atom-box commented 10 months ago

(A user emailed us: "This looks very good. The following requirements are missing"...)

We don't want to grant many admin rights; it would make sense if users with the "write" role could do these things.

atom-box commented 6 months ago

A user asked for this feature.

Is there any way to limit... segment settings so only admins can create?